Please take a moment to read http://bit.ly/demandglobalchange, to help share the message and support the initiative to tell our leaders to focus on addressing the global world problems, instead of complaining about the effects of their lack of leadership. Be a leader yourself, and share this with as many people as possible. #demandglobalchange // https://www.facebook.com/demandglobalchange

Free Tool – Cisco Ironport C350 Safelist / Blocklist merge utility

If you have multiple Cisco Ironport C350 devices, you may have noticed that safelist / blocklist entries are bound to an individual device. So if your Ironport devices are both installed to handle incoming mails, end users need to manage safelists/blocklists on both devices in order to be sure that both devices operate in the same way.

This is a problem, because, to an end user, it should not matter where they manage the safelist/blocklist, they only want to do it just one time and on one device, and not multiple times.†

In order to capture the safelist/blocklist database from multiple devices, merge the lists, and then activate the merged lists on all devices, you would need to use the backup & restore features.

The Cisco Ironport CLI allows admins to create a backup of the configuration, but surprisingly this does not include the safelist/blocklist database.† The management GUI allows administrators to backup & restore safelists/blacklists, but it cannot be scheduled.†† Cisco Ironport support has told me that there is no way to do this.

So I wrote a small utility that will allow you to

backup of the safelist / blocklist database of a Cisco Ironport C350 device. You can run this against any number of Cisco Ironport devices

merge the backup files into 1 big file

copy the merged file back to all of your Ironport devices and activate/restore the merged file

All of these actions are CLI commands, so you can build a batch script file and use Windows Scheduled Tasks to run this at any given time.

Requirements :

In order for the application to run, the following requirements must be met :

1. The server/computer running the script must have access to the Ironport interfaces that are activated for management.

2. The Ironport must be configured for management over HTTPS and SSH, and must allow FTP access as well. If there is a firewall between the server/computer running the scripts and the interface that hosts the management ports, the ports for HTTPS, SSH and FTP must be open

-u <username> -pw <password> -m restore -fi <slbl_filename_to_import>
Notes :
In order for the backup to work, the device must be reachable

over HTTPS and FTP

In order for the restore to work, the device must be reachable

over HTTPS and SSH, and pscp.exe

(http://the.earth.li/~sgtatham/putty/latest/x86/pscp.exe) must

be in the current directory as well

Finally, the import file must start with slbl_ and have .csv extension

In all cases, the useraccount must be member of the operators or administrators

†

Before you can use the tool, you’ll have to create a license request and send the request to me.† The tool is free, but I will process your request faster if you donate something/anything at all using paypal (send to peter.ve@telenet.be), or if you pick something off my Amazon wish lists (Books – Electronics).† In the email that contains the license request, you should either mention a reference to the paypal or amazon transaction, or you should include "I do not wish to donate at this time". Don’t feel obliged to donate.

You can create a license request by running

PVEIronportSafeBlockListMerger.exe -lic

Next, take the .req file, and send it to peter.ve@telenet.be (don’t forget the small text that either includes the donation information as explained above, or the text "I do not want to donate at this time").† Also, please specify the username/company name and email address that should be used in the license file).† If these entries are not in the email, I won’t be able to create a license file.

When you receive the license file, just put it in the same folder as the .exe file.† If the .lic file is present and if you run the tool again, you should see the license information :

C. Deploy the merged file back to your Ironports

The last step is to copy the file back to the Ironports and to activate/restore this file. This mode requires pscp.exe to be present in the working directory.† If, for any reason, the application appears to hang at "Copying file to….", then download plink.exe from PuTTY Download Page, put it in the same folder, and use plink.exe to connect to the Ironports.† This will allow you to save the ssh key for each Ironport device.† From that point forward, the merge utility should work just fine (and you can even remove plink.exe again if you want to)

Privacy Overview

a. Corelan respects your privacy. Most information accessible on or via the
Corelan Website is available without the need to provide personal information.
In certain cases you may however be requested to submit personal information. In
such case your personal information shall be treated in accordance with the General Data Protection Regulation and any amendments hereof.

b. All personal information made available by you will be treated solely for
the purpose of making available to you the requested information or services.
Your personal information will not be shared with third parties, but it may be used for authentication, support & marketing purposes in relation with services provided by Corelan.

c. We will only keep your personal information for as long as is required to
provide you with the requested information or services, or for any longer period
as may legally be required.

d. It is our goal to reasonably protect the personal information made
available by you from third parties.

e. You have the right to consult, correct, adjust or have removed your
personal details by written request to Corelan. ¬†If you decide to get your information removed, you understand and accept that you will lose all access to any resources that require the use of these personal details, such as parts of the website that require authentication.

f. When using the Corelan Website, cookies may possible be used. You do not have to accept cookies to be able to use the publicly accessible parts of Corelan Websites.¬†If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices.¬† ¬†Cookies may be used to display advertisements or to collect statistics about the use of the Corelan website.

g. This privacy policy may be amended by Corelan at any time.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

disable

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

Cookie Policy

When using the Corelan Website, cookies may possible be used. You do not have to accept cookies to be able to use the publicly accessible parts of the Corelan Website.¬†If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices.

We may use third party cookies to show ads and to collect anonymous information such as the number of visitors to the site, and the most popular pages.¬† The ability to show ads is an important source of income to cover the hosting fees to keep this website alive. If you prevent ads from being displayed, this website will eventually disappear.